accctrl.pas

详细Windows API大全有关知识以及相关问题

{******************************************************************}
{                                                       	   }
{       Borland Delphi Runtime Library                  	   }
{       AccCtrl interface unit                                     }
{ 								   }
{ Portions created by Microsoft are 				   }
{ Copyright (C) 1995-1999 Microsoft Corporation. 		   }
{ All Rights Reserved. 						   }
{ 								   }
{ The original file is: accctrl.h, released June 2000. 	           }
{ The original Pascal code is: AccCtrl.pas, released December 2000 }
{ The initial developer of the Pascal code is Marcel van Brakel    }
{ (brakelm@bart.nl).                      			   }
{ 								   }
{ Portions created by Marcel van Brakel are			   }
{ Copyright (C) 1999 Marcel van Brakel.				   }
{ 								   }
{ Obtained through:                               	           }
{ Joint Endeavour of Delphi Innovators (Project JEDI)              }
{								   }
{ You may retrieve the latest version of this file at the Project  }
{ JEDI home page, located at http://delphi-jedi.org                }
{								   }
{ The contents of this file are used with permission, subject to   }
{ the Mozilla Public License Version 1.1 (the "License"); you may  }
{ not use this file except in compliance with the License. You may }
{ obtain a copy of the License at                                  }
{ http://www.mozilla.org/MPL/MPL-1.1.html 	                   }
{                                                                  }
{ Software distributed under the License is distributed on an 	   }
{ "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or   }
{ implied. See the License for the specific language governing     }
{ rights and limitations under the License. 			   }
{ 								   }
{******************************************************************}

unit AccCtrl;

{$WEAKPACKAGEUNIT}

{$HPPEMIT ''}
{$HPPEMIT '#include "aclapi.h"'}
{$HPPEMIT ''}
{$HPPEMIT 'typedef PTRUSTEE_A *PPTRUSTEE_A'}
{$HPPEMIT 'typedef PTRUSTEE_W *PPTRUSTEE_W'}
{$HPPEMIT '#ifdef UNICODE'}
{$HPPEMIT 'typedef PPTRUSTEE_W PPTRUSTEE'}
{$HPPEMIT '#else'}
{$HPPEMIT 'typedef PPTRUSTEE_A PPTRUSTEE'}
{$HPPEMIT '#endif'}
{$HPPEMIT ''}

{$I WINDEFINES.INC}

interface

uses
  WinNT, WinType;

function AccFree(hMem: HLOCAL): HLOCAL;
{$EXTERNALSYM AccFree}

//
// Definition:
// This enumerated type defines the objects supported by the get/set API within
// this document.  See section 3.1, Object Types for a detailed definition of the
// supported object types, and their name formats.
//

type
  _SE_OBJECT_TYPE = (
    SE_UNKNOWN_OBJECT_TYPE,
    SE_FILE_OBJECT,
    SE_SERVICE,
    SE_PRINTER,
    SE_REGISTRY_KEY,
    SE_LMSHARE,
    SE_KERNEL_OBJECT,
    SE_WINDOW_OBJECT,
    SE_DS_OBJECT,
    SE_DS_OBJECT_ALL,
    SE_PROVIDER_DEFINED_OBJECT,
    SE_WMIGUID_OBJECT);
  {$EXTERNALSYM _SE_OBJECT_TYPE}
  SE_OBJECT_TYPE = _SE_OBJECT_TYPE;
  {$EXTERNALSYM SE_OBJECT_TYPE}
  TSeObjectType = SE_OBJECT_TYPE;

//
// Definition: TRUSTEE_TYPE
// This enumerated type specifies the type of trustee account for the trustee
// returned by the API described in this document.
// TRUSTEE_IS_UNKNOWN - The trustee is an unknown, but not necessarily invalid
//                      type.  This field is not validated on input to the APIs
//                      that take Trustees.
// TRUSTEE_IS_USER      The trustee account is a user account.
// TRUSTEE_IS_GROUP     The trustee account is a group account.
//

  _TRUSTEE_TYPE = (
    TRUSTEE_IS_UNKNOWN,
    TRUSTEE_IS_USER,
    TRUSTEE_IS_GROUP,
    TRUSTEE_IS_DOMAIN,
    TRUSTEE_IS_ALIAS,
    TRUSTEE_IS_WELL_KNOWN_GROUP,
    TRUSTEE_IS_DELETED,
    TRUSTEE_IS_INVALID,
    TRUSTEE_IS_COMPUTER);
  {$EXTERNALSYM _TRUSTEE_TYPE}
  TRUSTEE_TYPE = _TRUSTEE_TYPE;
  {$EXTERNALSYM TRUSTEE_TYPE}
  TTrusteeType = TRUSTEE_TYPE;

//
// Definition: TRUSTEE_FORM
// This enumerated type specifies the form the trustee identifier is in for a
// particular trustee.
// TRUSTEE_IS_SID       The trustee is identified with a SID rather than with a name.
// TRUSTEE_IS_NAME      The trustee is identified with a name.
//

  _TRUSTEE_FORM = (
    TRUSTEE_IS_SID,
    TRUSTEE_IS_NAME,
    TRUSTEE_BAD_FORM,
    TRUSTEE_IS_OBJECTS_AND_SID,
    TRUSTEE_IS_OBJECTS_AND_NAME);
  {$EXTERNALSYM _TRUSTEE_FORM}
  TRUSTEE_FORM = _TRUSTEE_FORM;
  {$EXTERNALSYM TRUSTEE_FORM}
  TTrusteeForm = TRUSTEE_FORM;

//
// Definition: MULTIPLE_TRUSTEE_OPERATION
// If the trustee is a multiple trustee, this enumerated type specifies the type.
// TRUSTEE_IS_IMPERSONATE       The trustee is an impersonate trustee and the multiple
//                          trustee field in the trustee points to another trustee
//                          that is a trustee for the server that will be doing the
//                          impersonation.
//

  _MULTIPLE_TRUSTEE_OPERATION = (NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_IMPERSONATE);
  {$EXTERNALSYM _MULTIPLE_TRUSTEE_OPERATION}
  MULTIPLE_TRUSTEE_OPERATION = _MULTIPLE_TRUSTEE_OPERATION;
  {$EXTERNALSYM MULTIPLE_TRUSTEE_OPERATION}
  TMultipleTrusteeOperation = MULTIPLE_TRUSTEE_OPERATION;

  POBJECTS_AND_SID = ^OBJECTS_AND_SID;
  {$EXTERNALSYM POBJECTS_AND_SID}
  _OBJECTS_AND_SID = packed record
    ObjectsPresent: DWORD;
    ObjectTypeGuid: GUID;
    InheritedObjectTypeGuid: GUID;
    pSid: PSID;
  end;
  {$EXTERNALSYM _OBJECTS_AND_SID}
  OBJECTS_AND_SID = _OBJECTS_AND_SID;
  {$EXTERNALSYM OBJECTS_AND_SID}
  TObjectsAndSid = OBJECTS_AND_SID;
  PObjectsAndSid = POBJECTS_AND_SID;

  POBJECTS_AND_NAME_A = ^OBJECTS_AND_NAME_A;
  {$EXTERNALSYM POBJECTS_AND_NAME_A}
  _OBJECTS_AND_NAME_A = packed record
    ObjectsPresent: DWORD;
    ObjectType: SE_OBJECT_TYPE;
    ObjectTypeName: LPSTR;
    InheritedObjectTypeName: LPSTR;
    ptstrName: LPSTR;
  end;
  {$EXTERNALSYM _OBJECTS_AND_NAME_A}
  OBJECTS_AND_NAME_A = _OBJECTS_AND_NAME_A;
  {$EXTERNALSYM OBJECTS_AND_NAME_A}
  TObjectsAndNameA = OBJECTS_AND_NAME_A;
  PObjectsAndNameA = POBJECTS_AND_NAME_A;

  POBJECTS_AND_NAME_W = ^OBJECTS_AND_NAME_W;
  {$EXTERNALSYM POBJECTS_AND_NAME_W}
  _OBJECTS_AND_NAME_W = packed record
    ObjectsPresent: DWORD;
    ObjectType: SE_OBJECT_TYPE;
    ObjectTypeName: LPWSTR;
    InheritedObjectTypeName: LPWSTR;
    ptstrName: LPWSTR;
  end;
  {$EXTERNALSYM _OBJECTS_AND_NAME_W}
  OBJECTS_AND_NAME_W = _OBJECTS_AND_NAME_W;
  {$EXTERNALSYM OBJECTS_AND_NAME_W}
  TObjectsAndNameW = OBJECTS_AND_NAME_W;
  PObjectsAndNameW = POBJECTS_AND_NAME_W;

{$IFDEF UNICODE}
  OBJECTS_AND_NAME_ = OBJECTS_AND_NAME_W;
  {$EXTERNALSYM OBJECTS_AND_NAME_}
  POBJECTS_AND_NAME_ = POBJECTS_AND_NAME_W;
  {$EXTERNALSYM POBJECTS_AND_NAME_}
  TObjectsAndName = TObjectsAndNameW;
  PObjectsAndName = PObjectsAndNameW;
{$ELSE}
  OBJECTS_AND_NAME_ = OBJECTS_AND_NAME_A;
  {$EXTERNALSYM OBJECTS_AND_NAME_}
  POBJECTS_AND_NAME_ = POBJECTS_AND_NAME_A;
  {$EXTERNALSYM POBJECTS_AND_NAME_}
  TObjectsAndName = TObjectsAndNameA;
  PObjectsAndName = PObjectsAndNameA;
{$ENDIF}

//
// Definition: TRUSTEE
// This structure is used to pass account information into and out of the system
// using the API defined in this document.
// PMultipleTrustee     - if NON-NULL, points to another trustee structure, as
//                    defined by the multiple trustee operation field.
// MultipleTrusteeOperation - Defines the multiple trustee operation/type.
// TrusteeForm - defines if the trustee is defined by name or SID.
// TrusteeType - defines if the trustee type is unknown, a user or a group.
// PwcsName     - points to the trustee name or the trustee SID.
//

  PTRUSTEE_A = ^TRUSTEE_A;
  {$EXTERNALSYM PTRUSTEE_A}
  _TRUSTEE_A = packed record
    pMultipleTrustee: PTRUSTEE_A;
    MultipleTrusteeOperation: MULTIPLE_TRUSTEE_OPERATION;
    TrusteeForm: TRUSTEE_FORM;
    TrusteeType: TRUSTEE_TYPE;
    ptstrName: LPSTR;
  end;
  {$EXTERNALSYM _TRUSTEE_A}
  TRUSTEE_A = _TRUSTEE_A;
  {$EXTERNALSYM TRUSTEE_A}
  TRUSTEEA = TRUSTEE_A;
  {$EXTERNALSYM PTRUSTEEA}
  PPTRUSTEE_A = ^PTRUSTEE_A;
  {$NODEFINE PPTRUSTEE_A}
  TTrusteeA = TRUSTEE_A;
  PTrusteeA = PTRUSTEE_A;

  PTRUSTEE_W = ^TRUSTEE_W;
  {$EXTERNALSYM PTRUSTEE_W}
  _TRUSTEE_W = packed record
    pMultipleTrustee: PTRUSTEE_W;
    MultipleTrusteeOperation: MULTIPLE_TRUSTEE_OPERATION;
    TrusteeForm: TRUSTEE_FORM;
    TrusteeType: TRUSTEE_TYPE;
    ptstrName: LPWSTR;
  end;
  {$EXTERNALSYM _TRUSTEE_W}
  TRUSTEE_W = _TRUSTEE_W;
  {$EXTERNALSYM TRUSTEE_W}
  TRUSTEEW = TRUSTEE_W;
  {$EXTERNALSYM TRUSTEEW}
  PPTRUSTEE_W = ^PTRUSTEE_W;
  {$NODEFINE PPTRUSTEE_W}
  TTrusteeW = TRUSTEE_W;
  PTrusteeW = PTRUSTEE_W;

{$IFDEF UNICODE}
  TRUSTEE_ = TRUSTEE_W;
  {$EXTERNALSYM TRUSTEE_}
  PTRUSTEE_ = PTRUSTEE_W;
  {$EXTERNALSYM PTRUSTEE_}
  TRUSTEE = TRUSTEEW;
  {$EXTERNALSYM TRUSTEE}
  PPTRUSTEE = ^PPTRUSTEE_W;
  {$NODEFINE PPTRUSTEE}
  TTrustee = TTrusteeW;
  PTrustee = PTrusteeW;
{$ELSE}
  TRUSTEE_ = TRUSTEE_A;
  {$EXTERNALSYM TRUSTEE_}
  PTRUSTEE_ = PTRUSTEE_A;
  {$EXTERNALSYM PTRUSTEE_}
  TRUSTEE = TRUSTEEA;
  {$EXTERNALSYM TRUSTEE}
  PPTRUSTEE = ^PPTRUSTEE_A;
  {$NODEFINE PPTRUSTEE}
  TTrustee = TTrusteeA;
  PTrustee = PTrusteeA;
{$ENDIF}

//
// Definition: ACCESS_MODE
// This enumerated type specifies how permissions are (requested)/to be applied
//  for the trustee by the access control entry.  On input this field can by any
//  of the values, although it is not meaningful to mix access control and audit
//  control entries.  On output this field will be either SET_ACCESS, DENY_ACCESS,
// SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE.
// The following descriptions define how this type effects an explicit access
// request to apply access permissions to an object.
// GRANT_ACCESS - The trustee will have at least the requested permissions upon
//                successful completion of the command. (If the trustee has
//                additional permissions they will not be removed).
// SET_ACCESS - The trustee will have exactly the requested permissions upon
//              successful completion of the command.
// DENY_ACCESS - The trustee will be denied the specified permissions.
// REVOKE_ACCESS - Any explicit access rights the trustee has will be revoked.
// SET_AUDIT_SUCCESS - The trustee will be audited for successful opens of the
//                     object using the requested permissions.
// SET_AUDIT_FAILURE - The trustee will be audited for failed opens of the object
//                     using the requested permissions.
//

  _ACCESS_MODE = (
    NOT_USED_ACCESS,
    GRANT_ACCESS,
    SET_ACCESS,
    DENY_ACCESS,
    REVOKE_ACCESS,
    SET_AUDIT_SUCCESS,
    SET_AUDIT_FAILURE);
  {$EXTERNALSYM _ACCESS_MODE}
  ACCESS_MODE = _ACCESS_MODE;
  {$EXTERNALSYM ACCESS_MODE}
  TAccessMode = _ACCESS_MODE;

//
// Definition: Inheritance flags
// These bit masks are provided to allow simple application of inheritance in
// explicit access requests on containers.
// NO_INHERITANCE       The specific access permissions will only be applied to
//                  the container, and will not be inherited by objects created
//                  within the container.
// SUB_CONTAINERS_ONLY_INHERIT  The specific access permissions will be inherited
//                              and applied to sub containers created within the
//                              container, and will be applied to the container
//                              itself.
// SUB_OBJECTS_ONLY_INHERIT     The specific access permissions will only be inherited
//                              by objects created within the specific container.
//                              The access permissions will not be applied to the
//                              container itself.
// SUB_CONTAINERS_AND_OBJECTS_INHERIT   The specific access permissions will be
//                                      inherited by containers created within the
//                                      specific container, will be applied to
//                                      objects created within the container, but
//                                      will not be applied to the container itself.
//

const
  NO_INHERITANCE                     = $0;
  {$EXTERNALSYM NO_INHERITANCE}
  SUB_OBJECTS_ONLY_INHERIT           = $1;
  {$EXTERNALSYM SUB_OBJECTS_ONLY_INHERIT}
  SUB_CONTAINERS_ONLY_INHERIT        = $2;
  {$EXTERNALSYM SUB_CONTAINERS_ONLY_INHERIT}
  SUB_CONTAINERS_AND_OBJECTS_INHERIT = $3;
  {$EXTERNALSYM SUB_CONTAINERS_AND_OBJECTS_INHERIT}
  INHERIT_NO_PROPAGATE               = $4;
  {$EXTERNALSYM INHERIT_NO_PROPAGATE}
  INHERIT_ONLY                       = $8;
  {$EXTERNALSYM INHERIT_ONLY}

//
// Informational bit that is returned
//

  INHERITED_ACCESS_ENTRY = $10;
  {$EXTERNALSYM INHERITED_ACCESS_ENTRY}

//
// Informational bit that tells where a node was inherited from.  Valid only
// for NT 5 APIs
//